1. 14 Mar, 2022 1 commit
  2. 25 Feb, 2022 1 commit
  3. 23 Feb, 2022 1 commit
  4. 18 Feb, 2022 1 commit
    • Michael Achenbach's avatar
      Revert "[shared-struct] Prototype JS shared structs" · c1078b5e
      Michael Achenbach authored
      This reverts commit 1025bf26.
      
      Reason for revert: https://crbug.com/v8/12645
      
      Original change's description:
      > [shared-struct] Prototype JS shared structs
      >
      > Unlike the Stage 1 proposal, for simplicity the prototype does not add
      > any new syntax, instead opting for exposing a SharedStructType
      > constructor which takes an array of field names. This type constructor
      > returns constructors for shared structs.
      >
      > Shared structs can be shared across Isolates, are fixed layout, have no
      > prototype, have no .constructor, and can only store primitives and
      > other shared structs.
      >
      > The initial prototype does not have TurboFan support.
      >
      > Bug: v8:12547
      > Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Marja Hölttä <marja@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      > Commit-Queue: Shu-yu Guo <syg@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#79156}
      
      Bug: v8:12547
      Change-Id: I44f2b8bb7487b4d39ba1282585e0b2282501230f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474676
      Auto-Submit: Michael Achenbach <machenbach@chromium.org>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Owners-Override: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79170}
      c1078b5e
  5. 17 Feb, 2022 1 commit
  6. 10 Feb, 2022 1 commit
  7. 05 Feb, 2022 1 commit
  8. 01 Feb, 2022 1 commit
  9. 25 Jan, 2022 1 commit
  10. 20 Jan, 2022 1 commit
    • Samuel Groß's avatar
      [sandbox] Implement GC for the external pointer table · 4a3e41c5
      Samuel Groß authored
      The external pointer table is now managed by the GC, which marks entries
      that are alive during major GC, then sweeps the table afterwards to free
      all dead entries and build a free list from them. For now, only major GCs
      are supported, Scavenger GCs do not interact with the external pointer table.
      
      In more detail, garbage collection of the external pointer table works
      as follows:
      
      1. The external pointer table now reserves a large region of virtual
         address space for its backing buffer and is then never reallocated,
         only grown in place until the maximum size is reached.
      2. When the GC's marking visitor marks a HeapObject with an external
         pointer as alive, it also marks the corresponding external pointer
         table entry as alive. This can happen on a background thread.
      3. For that, it uses the MSB of each entry in the table to indicate
         whether the entry has been marked or not. This works because the MSB
         is always cleared during the AND-based type check performed when
         accessing an external pointer.
      4. After marking, the external pointer table is swept while the mutator
         is stopped. This builds an inline, singly-linked freelist of all
         newly-dead and previously-free entries.
      5. When allocating an entry from the table, the first entry on the
         freelist is used. If the freelist is empty, the table grows,
         populating the freelist with the new entries.
      6. Every newly-allocated entry is marked as alive, and every store to an
         existing entry also automatically marks that entry as alive (by also
         setting the MSB). This simplifies the design of the table GC with
         regards to concurrency (See ExternalPointerTable::Mark).
      
      Bug: v8:10391
      Change-Id: I8877fdf5576af3761bde65298951bb09e601bd14
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359625Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78708}
      4a3e41c5
  11. 18 Jan, 2022 1 commit
    • Joyee Cheung's avatar
      [class] handle existing readonly properties in StoreOwnIC · 80bbbb14
      Joyee Cheung authored
      Previously, StoreOwnIC incorrectly reuses the [[Set]] semantics
      when initializing public literal class fields and object literals in
      certain cases (e.g. when there's no feedback).
      This was less of an issue for object literals, but with public class
      fields it's possible to define property attributes while the
      instance is still being initialized, or to encounter existing static
      "name" or "length" properties that should be readonly. This patch
      fixes it by
      
      1) Emitting code that calls into the slow stub when
         handling StoreOwnIC with existing read-only properties.
      2) Adding extra steps in StoreIC::Store to handle such stores
         properly with [[DefineOwnProperty]] semantics.
      
      Bug: v8:12421, v8:9888
      Change-Id: I6547320a1caba58c66ee1043cd3183a2de7cefef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300092Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Joyee Cheung <joyee@igalia.com>
      Cr-Commit-Position: refs/heads/main@{#78659}
      80bbbb14
  12. 15 Dec, 2021 2 commits
    • Samuel Groß's avatar
      V8 Sandbox rebranding · 277fdd1d
      Samuel Groß authored
      This CL renames a number of things related to the V8 sandbox.
      Mainly, what used to be under V8_HEAP_SANDBOX is now under
      V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
      is now simply the V8 Sandbox:
      
      V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
      V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
      V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
      V8VirtualMemoryCage => Sandbox
      CagedPointer => SandboxedPointer
      fake cage => partially reserved sandbox
      src/security => src/sandbox
      
      This naming scheme should simplify things: the sandbox is now the large
      region of virtual address space inside which V8 mainly operates and
      which should be considered untrusted. Mechanisms like sandboxed pointers
      are then used to attempt to prevent escapes from the sandbox (i.e.
      corruption of memory outside of it). Furthermore, the new naming scheme
      avoids the confusion with the various other "cages" in V8, in
      particular, the VirtualMemoryCage class, by dropping that name entirely.
      
      Future sandbox features are developed under their own V8_SANDBOX_X flag,
      and will, once final, be merged into V8_SANDBOX. Current future features
      are sandboxed external pointers (using the external pointer table), and
      sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
      because they are encoded as offsets). This CL then also introduces a new
      build flag, v8_enable_sandbox_future, which enables all future features.
      
      Bug: v8:10391
      Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78384}
      277fdd1d
    • Benedikt Meurer's avatar
      [debug] Introduce a dedicated StackFrameInfo for v8::StackFrame. · b8e2a423
      Benedikt Meurer authored
      This is the final change list in the list of refactorings to split off
      the implementations of v8::StackFrame and CallSite objects (as used by
      the V8 JavaScript stack API). See https://bit.ly/v8-stack-frame for the
      whole story.
      
      This CL adds the v8::internal::StackFrameInfo class as new backing
      implementation of v8::StackFrame, and puts it into debug-objects.tq
      to indicate that it's used for the debugger API only. This new class
      is lightweight and only holds on to static information about the
      stack frame, and is thus usable for the V8 inspector to implement
      async stack traces in a cheaper manner going forward.
      
      Doc: https://bit.ly/v8-stack-frame
      Bug: chromium:1258599, chromium:1278650
      Fixed: chromium:1278647
      Change-Id: I4dbf2d850f47797263af225895129499169aad02
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302794
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78382}
      b8e2a423
  13. 14 Dec, 2021 1 commit
  14. 08 Dec, 2021 1 commit
  15. 02 Dec, 2021 1 commit
    • Samuel Groß's avatar
      Use CagedPointers for ArrayBuffer backing stores · 42ed4928
      Samuel Groß authored
      This CL turns references to ArrayBuffer backing stores from
      JSArrayBuffers, JSTypedArrays, and JSDataViews into CagedPointers
      when those are enabled.
      
      CagedPointers cannot generally represent nullptr, as NULL usually lies
      outside the cage. As such, nullptr backing stores are replaced with a
      special empty backing store value, which, in the current implementation,
      points to the end of the cage, right in front of the trailing guard
      regions. Due to this, it is no longer correct to compare a backing store
      pointer against nullptr.
      
      Bug: chromium:1218005
      Change-Id: I4a6c7a82aabb4debcb6bb2babe4035ba2da8e79f
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244419
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78218}
      42ed4928
  16. 05 Nov, 2021 1 commit
  17. 29 Oct, 2021 1 commit
    • Samuel Groß's avatar
      Introduce CagedPointer · afd15549
      Samuel Groß authored
      A CagedPointer is guaranteed to point into the Virtual Memory Cage and
      will for example be used for ArrayBuffer backing stores when the heap
      sandbox is enabled. In the current implementation, CagedPointers are
      stored as offsets from the cage base, shifted to the left. Because the
      cage base address is usually available in a register, accessing a
      CagedPointer is very efficient, requiring only an additional shift and
      add operation.
      
      Bug: chromium:1218005
      Change-Id: Ifc8c088e3862400672051a8c52840514dee2911f
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123417Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77614}
      afd15549
  18. 08 Oct, 2021 2 commits
  19. 06 Oct, 2021 1 commit
  20. 29 Sep, 2021 1 commit
    • Seth Brenith's avatar
      [torque] Get rid of @generatePrint annotation · 267b067b
      Seth Brenith authored
      I'm trying to remove annotations and make behavior more consistent. For
      @generatePrint, there are two options: either generate printers for
      every extern class, or never generate printers for extern classes. This
      change implements the option of always generating printers. Classes that
      require custom printing can easily hide the generated printer by using
      DECL_PRINTER. This causes the generated file
      gen/torque-generated/objects-printer.cc to grow to 1600 lines, including
      many functions that are never used, but I think the consistency benefit
      outweighs a little more compilation time on one file. This change also
      removes custom printers in cases where the generated printer includes
      all of the same content.
      
      If folks would prefer the option to never generate printers, I'm open to
      doing that instead. I like the notion that generating more code could
      reduce the friction of adding new classes and thereby encourage people
      to define precise types rather than using FixedArrays, but the current
      implementation of generated printers is limited, and many printers have
      been customized to show the data that matters the most. Unlike verifiers
      and body descriptors, there are no correctness or safety concerns with
      hand-written printers.
      
      Some bugs showed up once we start generating printers for everything,
      and this change fixes them:
      - Printers incorrectly included ungettable fields like padding
      - Printers called getters which might be hidden by hand-written classes
      - The generated getter for Map::instance_type used
        ReadField<InstanceType>, which is not an arithmetic type since it's an
        enum
      
      One more tiny drive-by fix: added a missing newline in the printers for
      JSMap and JSSet.
      
      Bug: v8:7793
      Change-Id: Ib9e9575fbcb57879935ff18bf4db49fe276d2966
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172190Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Cr-Commit-Position: refs/heads/main@{#77152}
      267b067b
  21. 14 Sep, 2021 2 commits
  22. 24 Aug, 2021 1 commit
    • Dan Elphick's avatar
      Reland "[include] Split out v8.h" · ec06bb6c
      Dan Elphick authored
      This is a reland of d1b27019
      
      Fixes include:
      Adding missing file to bazel build
      Forward-declaring classing before friend-classing them to fix win/gcc
      Add missing v8-isolate.h include for vtune builds
      
      Original change's description:
      > [include] Split out v8.h
      >
      > This moves every single class/function out of include/v8.h into a
      > separate header in include/, which v8.h then includes so that
      > externally nothing appears to have changed.
      >
      > Every include of v8.h from inside v8 has been changed to a more
      > fine-grained include.
      >
      > Previously inline functions defined at the bottom of v8.h would call
      > private non-inline functions in the V8 class. Since that class is now
      > in v8-initialization.h and is rarely included (as that would create
      > dependency cycles), this is not possible and so those methods have been
      > moved out of the V8 class into the namespace v8::api_internal.
      >
      > None of the previous files in include/ now #include v8.h, which means
      > if embedders were relying on this transitive dependency then it will
      > give compile failures.
      >
      > v8-inspector.h does depend on v8-scripts.h for the time being to ensure
      > that Chrome continue to compile but that change will be reverted once
      > those transitive #includes in chrome are changed to include it directly.
      >
      > Full design:
      > https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
      >
      > Bug: v8:11965
      > Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#76424}
      
      Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit
      Bug: v8:11965
      Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#76460}
      ec06bb6c
  23. 23 Aug, 2021 2 commits
    • Dan Elphick's avatar
      Revert "[include] Split out v8.h" · 44fe02ce
      Dan Elphick authored
      This reverts commit d1b27019.
      
      Reason for revert: Broke vtune build, tsan build and possibly others
      
      Original change's description:
      > [include] Split out v8.h
      >
      > This moves every single class/function out of include/v8.h into a
      > separate header in include/, which v8.h then includes so that
      > externally nothing appears to have changed.
      >
      > Every include of v8.h from inside v8 has been changed to a more
      > fine-grained include.
      >
      > Previously inline functions defined at the bottom of v8.h would call
      > private non-inline functions in the V8 class. Since that class is now
      > in v8-initialization.h and is rarely included (as that would create
      > dependency cycles), this is not possible and so those methods have been
      > moved out of the V8 class into the namespace v8::api_internal.
      >
      > None of the previous files in include/ now #include v8.h, which means
      > if embedders were relying on this transitive dependency then it will
      > give compile failures.
      >
      > v8-inspector.h does depend on v8-scripts.h for the time being to ensure
      > that Chrome continue to compile but that change will be reverted once
      > those transitive #includes in chrome are changed to include it directly.
      >
      > Full design:
      > https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
      >
      > Bug: v8:11965
      > Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#76424}
      
      Bug: v8:11965
      Change-Id: Id57313ae992e720c8b19abc975cd69729e1344aa
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113627
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Owners-Override: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#76428}
      44fe02ce
    • Dan Elphick's avatar
      [include] Split out v8.h · d1b27019
      Dan Elphick authored
      This moves every single class/function out of include/v8.h into a
      separate header in include/, which v8.h then includes so that
      externally nothing appears to have changed.
      
      Every include of v8.h from inside v8 has been changed to a more
      fine-grained include.
      
      Previously inline functions defined at the bottom of v8.h would call
      private non-inline functions in the V8 class. Since that class is now
      in v8-initialization.h and is rarely included (as that would create
      dependency cycles), this is not possible and so those methods have been
      moved out of the V8 class into the namespace v8::api_internal.
      
      None of the previous files in include/ now #include v8.h, which means
      if embedders were relying on this transitive dependency then it will
      give compile failures.
      
      v8-inspector.h does depend on v8-scripts.h for the time being to ensure
      that Chrome continue to compile but that change will be reverted once
      those transitive #includes in chrome are changed to include it directly.
      
      Full design:
      https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
      
      Bug: v8:11965
      Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#76424}
      d1b27019
  24. 30 Jul, 2021 1 commit
  25. 29 Jul, 2021 1 commit
  26. 13 Jul, 2021 1 commit
  27. 08 Jul, 2021 2 commits
    • Patrick Thier's avatar
      Reland "Reland "Reland "Improve error messages for property access on null/undefined""" · c0fd89c3
      Patrick Thier authored
      This is a reland of 819c3ae2
      
      Original change's description:
      > Reland "Reland "Improve error messages for property access on null/undefined""
      >
      > This is a reland of 8b18c5e6
      >
      > Original change's description:
      > > Reland "Improve error messages for property access on null/undefined"
      > >
      > > This is a reland of 24c626c1
      > >
      > > Original change's description:
      > > > Improve error messages for property access on null/undefined
      > > >
      > > > Only print the property name when accessing null/undefined if we can
      > > > convert it to a string without causing side effects.
      > > > If we can't, omit the property name in the error message.
      > > > This should avoid confusion when the key is an object with toString().
      > > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
      > > > Object]' anymore, which was misleading since the property accessed would
      > > > be 'a', but we can't evaluate the key without side effects.
      > > >
      > > > Bug: v8:11365
      > > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
      > > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#75250}
      > >
      > > Bug: v8:11365
      > > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
      > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#75571}
      >
      > Bug: v8:11365
      > Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
      > Auto-Submit: Patrick Thier <pthier@chromium.org>
      > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#75604}
      
      Bug: v8:11365
      Change-Id: I002b537144f328ccbbdcd655e26e5dc87c49c6f5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013935Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Patrick Thier <pthier@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#75645}
      c0fd89c3
    • Leszek Swirski's avatar
      Revert "Reland "Reland "Improve error messages for property access on null/undefined""" · 7ac7b72b
      Leszek Swirski authored
      This reverts commit 819c3ae2.
      
      Reason for revert: Sorry Patrick, still failing on some layout tests :( https://test-results.appspot.com/data/layout_results/mac-rel/726365/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html
      
      Original change's description:
      > Reland "Reland "Improve error messages for property access on null/undefined""
      >
      > This is a reland of 8b18c5e6
      >
      > Original change's description:
      > > Reland "Improve error messages for property access on null/undefined"
      > >
      > > This is a reland of 24c626c1
      > >
      > > Original change's description:
      > > > Improve error messages for property access on null/undefined
      > > >
      > > > Only print the property name when accessing null/undefined if we can
      > > > convert it to a string without causing side effects.
      > > > If we can't, omit the property name in the error message.
      > > > This should avoid confusion when the key is an object with toString().
      > > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
      > > > Object]' anymore, which was misleading since the property accessed would
      > > > be 'a', but we can't evaluate the key without side effects.
      > > >
      > > > Bug: v8:11365
      > > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
      > > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#75250}
      > >
      > > Bug: v8:11365
      > > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
      > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#75571}
      >
      > Bug: v8:11365
      > Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
      > Auto-Submit: Patrick Thier <pthier@chromium.org>
      > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#75604}
      
      Bug: v8:11365
      Change-Id: I7d7c0f201288384c2aa38a51418b582a64213ae0
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013352
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#75626}
      7ac7b72b
  28. 07 Jul, 2021 1 commit
    • Patrick Thier's avatar
      Reland "Reland "Improve error messages for property access on null/undefined"" · 819c3ae2
      Patrick Thier authored
      This is a reland of 8b18c5e6
      
      Original change's description:
      > Reland "Improve error messages for property access on null/undefined"
      >
      > This is a reland of 24c626c1
      >
      > Original change's description:
      > > Improve error messages for property access on null/undefined
      > >
      > > Only print the property name when accessing null/undefined if we can
      > > convert it to a string without causing side effects.
      > > If we can't, omit the property name in the error message.
      > > This should avoid confusion when the key is an object with toString().
      > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
      > > Object]' anymore, which was misleading since the property accessed would
      > > be 'a', but we can't evaluate the key without side effects.
      > >
      > > Bug: v8:11365
      > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
      > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#75250}
      >
      > Bug: v8:11365
      > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#75571}
      
      Bug: v8:11365
      Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
      Auto-Submit: Patrick Thier <pthier@chromium.org>
      Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#75604}
      819c3ae2
  29. 06 Jul, 2021 2 commits
    • Leszek Swirski's avatar
      Revert "Reland "Improve error messages for property access on null/undefined"" · 94cd8b64
      Leszek Swirski authored
      This reverts commit 8b18c5e6.
      
      Reason for revert: Still failing: https://test-results.appspot.com/data/layout_results/V8_Blink_Linux/12469/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html
      
      Original change's description:
      > Reland "Improve error messages for property access on null/undefined"
      >
      > This is a reland of 24c626c1
      >
      > Original change's description:
      > > Improve error messages for property access on null/undefined
      > >
      > > Only print the property name when accessing null/undefined if we can
      > > convert it to a string without causing side effects.
      > > If we can't, omit the property name in the error message.
      > > This should avoid confusion when the key is an object with toString().
      > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
      > > Object]' anymore, which was misleading since the property accessed would
      > > be 'a', but we can't evaluate the key without side effects.
      > >
      > > Bug: v8:11365
      > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
      > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#75250}
      >
      > Bug: v8:11365
      > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#75571}
      
      Bug: v8:11365
      Change-Id: Ic4137f0d70fa9b10ca70fa921b98ea7e1499f11b
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008217
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#75577}
      94cd8b64
    • Patrick Thier's avatar
      Reland "Improve error messages for property access on null/undefined" · 8b18c5e6
      Patrick Thier authored
      This is a reland of 24c626c1
      
      Original change's description:
      > Improve error messages for property access on null/undefined
      >
      > Only print the property name when accessing null/undefined if we can
      > convert it to a string without causing side effects.
      > If we can't, omit the property name in the error message.
      > This should avoid confusion when the key is an object with toString().
      > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
      > Object]' anymore, which was misleading since the property accessed would
      > be 'a', but we can't evaluate the key without side effects.
      >
      > Bug: v8:11365
      > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Commit-Queue: Patrick Thier <pthier@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#75250}
      
      Bug: v8:11365
      Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Patrick Thier <pthier@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#75571}
      8b18c5e6
  30. 21 Jun, 2021 2 commits
  31. 18 Jun, 2021 1 commit
    • Patrick Thier's avatar
      Improve error messages for property access on null/undefined · 24c626c1
      Patrick Thier authored
      Only print the property name when accessing null/undefined if we can
      convert it to a string without causing side effects.
      If we can't, omit the property name in the error message.
      This should avoid confusion when the key is an object with toString().
      E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
      Object]' anymore, which was misleading since the property accessed would
      be 'a', but we can't evaluate the key without side effects.
      
      Bug: v8:11365
      Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Patrick Thier <pthier@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#75250}
      24c626c1
  32. 17 Jun, 2021 1 commit
  33. 16 Jun, 2021 1 commit